import base64
import hmac

from django.conf import settings
from django.http import HttpResponse
from django_scopes import scopes_disabled

from .. import metrics


def unauthed_response():
    content = '<html><title>Forbidden</title><body>You are not authorized to view this page.</body></html>'
    response = HttpResponse(content, content_type='text/html')
    response['WWW-Authenticate'] = 'Basic realm="metrics"'
    response.status_code = 401
    return response


@scopes_disabled()
def serve_metrics(request):
    if not settings.METRICS_ENABLED:
        return unauthed_response()

    # check if the user is properly authorized:
    if 'Authorization' not in request.headers:
        return unauthed_response()

    method, credentials = request.headers['Authorization'].split(' ', 1)
    if method.lower() != 'basic':
        return unauthed_response()

    user, passphrase = base64.b64decode(credentials.strip()).decode().split(':', 1)

    if not hmac.compare_digest(user, settings.METRICS_USER):
        return unauthed_response()
    if not hmac.compare_digest(passphrase, settings.METRICS_PASSPHRASE):
        return unauthed_response()

    # ok, the request passed the authentication-barrier, let's hand out the metrics:
    m = metrics.metric_values()

    output = []
    for metric, sub in m.items():
        for label, value in sub.items():
            output.append('{}{} {}'.format(metric, label, str(value)))

    content = '\n'.join(output) + '\n'

    return HttpResponse(content)
